Asus posted a Product Security Advisory on Jan 2, 2025 for Asus router AiCloud vulnerability.
www.asus.com
01/02/2025 ASUS Router AiCloud vulnerability
Injection and execution vulnerabilities in certain ASUS router firmware series that allow authenticated attackers to trigger command execution have been identified in ASUS router AiCloud. If the vulnerabilities are exploited, authenticated administrators could execute commands through the router over the network. We have released new firmware update for 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102 series.
We advise you to check your equipment and security procedures regularly, as this will make you safer. As a user of an ASUS router, we recommend following these steps:
• Update your router with the newest firmware. We encourage you to do this when new firmware becomes available. You can find the newest firmware on the ASUS support page at
https://www.asus.com/support/ or the relevant product page at
https://www.asus.com/Networking/. ASUS has provided a link to new firmware for some routers at the end of this notice.
• Use different passwords for your wireless network and router-administration page. Use passwords that have at least 10 characters, with a mix of capital letters, numbers and symbols. Do not use the same password for more than one device or service.
If you are unable to update the firmware quickly or the router (with 3.0.0.4_382 firmware) is end-of-life , please ensure that both your login and WiFi passwords are strong. It is recommended to (1) Enable the password protection in AiCloud (2) disable any services that can be accessed from the internet, such as remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP; and (3) use passwords that have more than 10 characters, including a mix of uppercase letters, numbers, and special characters to enhance the security of your devices. Do not use passwords with consecutive numbers or letters, such as 1234567890, abcdefghij, or qwertyuiop.
For further help with router setup and an introduction to network security, please visit
How to update the firmware of your router to the latest version?
https://www.asus.com/support/FAQ/1039292
ASUS Product Security Advisory | ASUS Global
www.asus.com
01/02/2025 ASUS Router AiCloud vulnerability
Injection and execution vulnerabilities in certain ASUS router firmware series that allow authenticated attackers to trigger command execution have been identified in ASUS router AiCloud. If the vulnerabilities are exploited, authenticated administrators could execute commands through the router over the network. We have released new firmware update for 3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102 series.
We advise you to check your equipment and security procedures regularly, as this will make you safer. As a user of an ASUS router, we recommend following these steps:
• Update your router with the newest firmware. We encourage you to do this when new firmware becomes available. You can find the newest firmware on the ASUS support page at
https://www.asus.com/support/ or the relevant product page at
https://www.asus.com/Networking/. ASUS has provided a link to new firmware for some routers at the end of this notice.
• Use different passwords for your wireless network and router-administration page. Use passwords that have at least 10 characters, with a mix of capital letters, numbers and symbols. Do not use the same password for more than one device or service.
If you are unable to update the firmware quickly or the router (with 3.0.0.4_382 firmware) is end-of-life , please ensure that both your login and WiFi passwords are strong. It is recommended to (1) Enable the password protection in AiCloud (2) disable any services that can be accessed from the internet, such as remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP; and (3) use passwords that have more than 10 characters, including a mix of uppercase letters, numbers, and special characters to enhance the security of your devices. Do not use passwords with consecutive numbers or letters, such as 1234567890, abcdefghij, or qwertyuiop.
For further help with router setup and an introduction to network security, please visit
How to update the firmware of your router to the latest version?
https://www.asus.com/support/FAQ/1039292
| Firmware | CVE |
| 3.0.0.4_386 series 3.0.0.4_388 series 3.0.0.6_102 series | CVE-2024-12912 CVE-2024-13062 |
